
HAWKBALL

Posted: June 14, 2019

HAWKBALL is a backdoor Trojan that gives its operators remote control over an infected PC and lets them drop other threats, such as specialized spyware. Its use currently targets government-sector entities in Asia. Organizations can guard their networks by monitoring incoming e-mail for phishing attacks and running anti-malware services that delete HAWKBALL on sight.

A Bird Well-Rounded but Aerodynamic

Live attacks against government networks in Asia are turning up a new sample of a reconnaissance-oriented Trojan that occupies the same first-stage or early-stage niche as threats like Skipper or the Plead Backdoor. The signs so far point to HAWKBALL being another spying Trojan that opens the door for further payloads, delivered on the orders of its hostile, state-sponsored operators.

HAWKBALL is both a backdoor Trojan and a Trojan downloader. Its command set has yet to receive an exhaustive analysis, and some details remain unknown. The capabilities that malware researchers cite as most pertinent include:

  • Gathering system information (such as the OS version) and sending it to the threat actor.
  • Conducting file operations, such as deleting and moving files.
  • Spawning a reverse shell (cmd.exe) for executing additional commands.
  • Creating new processes with arbitrary, attacker-specified arguments.
  • Downloading files onto the computer.

As usual, HAWKBALL positions itself as a threat that installs others and gives its attackers robust surveillance and system-control options. The inflexible, hard-coded nature of some of its internals, such as its Command & Control server address, also suggests that the threat actors rebuild it for each new deployment.

Tossing a Ball into the Wastebin of Trojan History

While HAWKBALL is a new backdoor Trojan, nothing about its payload is extraordinary or unheard of, and the same is true of its infection strategy. Malware experts can confirm attacks that use crafted e-mail messages carrying corrupted Word documents with target-specific content related to anti-terrorism planning. The targets are Russian speakers, and both exploits embedded in the documents are patchable by installing the relevant Microsoft updates.

Users who don't patch their software regularly are at high risk of infection from a range of sources, including both high-level, espionage-related Trojans like HAWKBALL and more commercial operations like the Echobot botnet. However, not all vulnerabilities are remediable through patches, and there is always a risk of a zero-day exploit facilitating a Trojan's installation. Other security measures, such as scanning all downloads, verifying the sources of your files, and leaving macros disabled, are equally necessary.
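As an added example, not taken from the original article or from the researchers who analysed HAWKBALL, the following Python script shows what "scanning all downloads" looks like for Office attachments at a mail gateway: it opens an Office Open XML (.docx) package and flags the parts that a weaponised Word document needs in order to carry an exploit or dropper (embedded OLE compound files, a VBA project, and relationships that load an OLE object from a remote host). The two sample documents are constructed inline, and the check is generic Office triage, not a HAWKBALL-specific signature.

```python
"""Triage an Office Open XML (.docx) attachment for payload carriers.

Added example for this page (not the article's or any vendor's code): flags
embedded OLE objects, VBA projects and external OLE links inside a .docx.
The sample packages below are constructed for the demonstration.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE compound file header
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def _external_ole_targets(rels_xml: bytes) -> list:
    """Return Target values of oleObject relationships pointing outside the package."""
    try:
        root = ET.fromstring(rels_xml)
    except ET.ParseError:
        return []
    targets = []
    for rel in root.iter(RELS_NS + "Relationship"):
        if rel.get("TargetMode") == "External" and rel.get("Type", "").endswith("/oleObject"):
            targets.append(rel.get("Target", ""))
    return targets


def triage_docx(data: bytes) -> dict:
    """Inspect one OOXML package and return the indicators found.

    Keys: ole_embeddings (embedded compound files), vba (VBA project parts),
    external_ole (remote OLE targets), verdict ("clean", "suspicious" or
    "not-ooxml" when the bytes are not a zip container at all).
    """
    findings = {"ole_embeddings": [], "vba": [], "external_ole": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .doc files are OLE compound files, not zips; route them to a
        # separate inspector rather than silently passing them.
        findings["verdict"] = "not-ooxml"
        return findings
    with zf:
        for name in zf.namelist():
            lower = name.lower()
            if "/embeddings/" in lower:
                # Only count embeddings that really are OLE compound files.
                if zf.read(name).startswith(OLE_CFB_MAGIC):
                    findings["ole_embeddings"].append(name)
            elif lower.endswith("vbaproject.bin"):
                findings["vba"].append(name)
            elif lower.endswith(".rels"):
                findings["external_ole"].extend(_external_ole_targets(zf.read(name)))
    hit = any(findings[k] for k in ("ole_embeddings", "vba", "external_ole"))
    findings["verdict"] = "suspicious" if hit else "clean"
    return findings


def _build_package(parts: dict) -> bytes:
    """Constructed helper: zip {path: bytes} into an OOXML-like package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in parts.items():
            zf.writestr(path, content)
    return buf.getvalue()


_BASE_PARTS = {
    "[Content_Types].xml": b'<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
    "word/document.xml": b'<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>',
}

# Constructed clean document: text parts only.
CLEAN_DOCX = _build_package(_BASE_PARTS)

# Constructed suspicious document: embedded OLE object, VBA project, and a
# relationship that pulls an OLE object from a remote host (hypothetical URL).
_RELS = (
    b'<?xml version="1.0"?>'
    b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    b'<Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    b'Target="http://example.invalid/obj.doc" TargetMode="External"/>'
    b"</Relationships>"
)
SUSPICIOUS_DOCX = _build_package({
    **_BASE_PARTS,
    "word/embeddings/oleObject1.bin": OLE_CFB_MAGIC + b"\x00" * 504,
    "word/vbaProject.bin": OLE_CFB_MAGIC + b"\x00" * 504,
    "word/_rels/document.xml.rels": _RELS,
})

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOCX), ("suspicious", SUSPICIOUS_DOCX)):
        print(label, triage_docx(doc))
```

A "suspicious" verdict is a reason to detonate or quarantine the attachment, not proof of malice: legitimate documents embed spreadsheets and equations too. The point is that the carriers an exploit document relies on are visible in the package structure before any vulnerable parser is invoked.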

There are no high-visibility symptoms related to HAWKBALL infections. Users can block or delete HAWKBALL with the anti-malware products of their choice and should change passwords and other credentials after disinfection.

HAWKBALL is just the beginning of an intrusion into any vulnerable network, and it hands over information that would let an attacker make lucrative progress in further compromising the target. Fortunately, its anti-debugging efforts are for naught: the cyber-security industry has reasonable certainty about most of its capabilities.
